How not to set up your DNS (part 17)

Here is an interesting one that caused me to go digging into the moderate depths of DNS arcana:

; sdig ns just-dust.com
dns1.name-services.com.
dns2.name-services.com.
dns3.name-services.com.
dns4.name-services.com.
dns5.name-services.com.
; dig mx servidor134.just-dust.com
[...]
;; [...] status: SERVFAIL, [...]

This isn't for any simple reason, such as the servers refusing to answer us or not being authoritative or whatnot. Instead, they have managed to get the 'no such record' reply wrong; instead of returning a SOA record for just-dust.com, they return what looks like a lame delegation response (pointing at themselves), except that it has the aa bit set.

What may be going on is that name-services.com seems to be running a very peculiar nameserver that has the moral equivalent of a wildcard CNAME record for just-dust.com, but only for A record queries; if you ask directly for a CNAME for foo.bar.just-dust.com, you get a normal 'no such data' reply, but if you ask for the A record for that you get back a reply with a CNAME plus an A record. Presumably as a result of this, almost all queries for MX records of names inside the just-dust.com zone get these lame delegation replies.

(Not all MX queries; just-dust.com MXes to mail.just-dust.com, and name-services.com will return an MX record for that.)

These are my WanderingThoughts
(About the blog)

GettingAround
Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.

* * *

Atom feeds are available; see the bottom of most pages.

This is a DWiki.
(Help)

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web

Search:
Written on 16 August 2007.
(Previous | Next)
Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.
Last modified: Thu Aug 16 12:23:50 2007
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.